fix: cli test files #743

Merged
merged 5 commits into from
Sep 11, 2023
Merged
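--- a/argo/appproject-clusterresourceblacklist/kyverno-test.yaml
+++ b/argo/appproject-clusterresourceblacklist/kyverno-test.yaml
@@ -1,36 +1,42 @@
 name: appproject-clusterresourceblacklist
 policies:
-- appproject-clusterresourceblacklist.yaml
+- appproject-clusterresourceblacklist.yaml
 resources:
-- resources.yaml
+- resources.yaml
 results:
-- policy: appproject-clusterresourceblacklist
-rule: has-wildcard
-resource: goodappproj01
-kind: AppProject
-result: pass
-- policy: appproject-clusterresourceblacklist
-rule: validate-clusterresourceblacklist
-resource: goodappproj02
-kind: AppProject
-result: pass
-- policy: appproject-clusterresourceblacklist
-rule: has-wildcard
-resource: badappproj01
-kind: AppProject
-result: fail
-- policy: appproject-clusterresourceblacklist
-rule: has-wildcard
-resource: badappproj02
-kind: AppProject
-result: fail
-- policy: appproject-clusterresourceblacklist
-rule: has-wildcard
-resource: badappproj03
-kind: AppProject
-result: fail
-- policy: appproject-clusterresourceblacklist
-rule: validate-clusterresourceblacklist
-resource: badappproj04
-kind: AppProject
-result: fail
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- goodappproj01
+result: pass
+rule: has-wildcard
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- goodappproj02
+result: pass
+rule: validate-clusterresourceblacklist
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- badappproj01
+result: fail
+rule: has-wildcard
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- badappproj02
+result: fail
+rule: has-wildcard
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- badappproj03
+result: fail
+rule: has-wildcard
+- kind: AppProject
+policy: appproject-clusterresourceblacklist
+resources:
+- badappproj04
+result: fail
+rule: validate-clusterresourceblacklist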
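Review bot: The three `has-wildcard` failure cases for `badappproj01`, `badappproj02` and `badappproj03` are still written as three separate entries that differ only in the resource name. Since the new schema takes a `resources:` list, they could be a single entry that lists all three names under `resources:` with `result: fail` and `rule: has-wildcard`. That keeps the expectation for the rule in one place and makes it harder for one case to drift from the others.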
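--- a/best-practices/add-network-policy/kyverno-test.yaml
+++ b/best-practices/add-network-policy/kyverno-test.yaml
@@ -1,12 +1,13 @@
 name: deny-all-traffic
 policies:
-- add-network-policy.yaml
+- add-network-policy.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: add-networkpolicy
-rule: default-deny
-resource: hello-world-namespace
-generatedResource: generatedResource.yaml
-kind: Namespace
-result: pass
+- generatedResource: generatedResource.yaml
+kind: Namespace
+policy: add-networkpolicy
+resources:
+- hello-world-namespace
+result: pass
+rule: default-deny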
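--- a/best-practices/add-ns-quota/kyverno-test.yaml
+++ b/best-practices/add-ns-quota/kyverno-test.yaml
@@ -1,18 +1,20 @@
 name: add-quota
 policies:
-- add-ns-quota.yaml
+- add-ns-quota.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: add-ns-quota
-rule: generate-resourcequota
-resource: hello-world-namespace
-generatedResource: generatedResourceQuota.yaml
-kind: Namespace
-result: pass
-- policy: add-ns-quota
-rule: generate-limitrange
-resource: hello-world-namespace
-generatedResource: generatedLimitRange.yaml
-kind: Namespace
-result: pass
+- generatedResource: generatedResourceQuota.yaml
+kind: Namespace
+policy: add-ns-quota
+resources:
+- hello-world-namespace
+result: pass
+rule: generate-resourcequota
+- generatedResource: generatedLimitRange.yaml
+kind: Namespace
+policy: add-ns-quota
+resources:
+- hello-world-namespace
+result: pass
+rule: generate-limitrange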
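--- a/best-practices/add-safe-to-evict/kyverno-test.yaml
+++ b/best-practices/add-safe-to-evict/kyverno-test.yaml
@@ -1,28 +1,32 @@
 name: add-safe-to-evict
 policies:
-- add-safe-to-evict.yaml
+- add-safe-to-evict.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: add-safe-to-evict
-rule: annotate-empty-dir
-resource: myapp-pod01
-kind: Pod
-result: skip
-- policy: add-safe-to-evict
-rule: annotate-host-path
-resource: myapp-pod02
-kind: Pod
-result: skip
-- policy: add-safe-to-evict
-rule: annotate-empty-dir
-resource: myapp-pod03
-kind: Pod
-result: pass
-patchedResource: myapp-pod03-patched.yaml
-- policy: add-safe-to-evict
-rule: annotate-host-path
-resource: myapp-pod04
-kind: Pod
-result: pass
-patchedResource: myapp-pod04-patched.yaml
+- kind: Pod
+policy: add-safe-to-evict
+resources:
+- myapp-pod01
+result: skip
+rule: annotate-empty-dir
+- kind: Pod
+policy: add-safe-to-evict
+resources:
+- myapp-pod02
+result: skip
+rule: annotate-host-path
+- kind: Pod
+patchedResource: myapp-pod03-patched.yaml
+policy: add-safe-to-evict
+resources:
+- myapp-pod03
+result: pass
+rule: annotate-empty-dir
+- kind: Pod
+patchedResource: myapp-pod04-patched.yaml
+policy: add-safe-to-evict
+resources:
+- myapp-pod04
+result: pass
+rule: annotate-host-path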
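--- a/best-practices/check-deprecated-apis/kyverno-test.yaml
+++ b/best-practices/check-deprecated-apis/kyverno-test.yaml
@@ -1,21 +1,24 @@
 name: check-deprecated-apis
 policies:
-- check-deprecated-apis.yaml
+- check-deprecated-apis.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: check-deprecated-apis
-rule: validate-v1-25-removals
-resource: bad-cronjob
-kind: CronJob
-result: fail
-- policy: check-deprecated-apis
-rule: validate-v1-25-removals
-resource: good-cronjob
-kind: CronJob
-result: skip
-- policy: check-deprecated-apis
-rule: validate-v1-29-removals
-resource: bad-flowschema
-kind: FlowSchema
-result: fail
+- kind: CronJob
+policy: check-deprecated-apis
+resources:
+- bad-cronjob
+result: fail
+rule: validate-v1-25-removals
+- kind: CronJob
+policy: check-deprecated-apis
+resources:
+- good-cronjob
+result: skip
+rule: validate-v1-25-removals
+- kind: FlowSchema
+policy: check-deprecated-apis
+resources:
+- bad-flowschema
+result: fail
+rule: validate-v1-29-removals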
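--- a/best-practices/disallow-cri-sock-mount/kyverno-test.yaml
+++ b/best-practices/disallow-cri-sock-mount/kyverno-test.yaml
@@ -1,36 +1,42 @@
 name: disallow-cri-sock-mount
 policies:
-- disallow-cri-sock-mount.yaml
+- disallow-cri-sock-mount.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: disallow-container-sock-mounts
-rule: validate-docker-sock-mount
-resource: pod-with-docker-sock-mount
-kind: Pod
-result: fail
-- policy: disallow-container-sock-mounts
-rule: validate-containerd-sock-mount
-resource: pod-with-docker-sock-mount
-kind: Pod
-result: pass
-- policy: disallow-container-sock-mounts
-rule: validate-crio-sock-mount
-resource: pod-with-docker-sock-mount
-kind: Pod
-result: pass
-- policy: disallow-container-sock-mounts
-rule: validate-docker-sock-mount
-resource: goodpod01
-kind: Pod
-result: pass
-- policy: disallow-container-sock-mounts
-rule: validate-containerd-sock-mount
-resource: goodpod01
-kind: Pod
-result: pass
-- policy: disallow-container-sock-mounts
-rule: validate-crio-sock-mount
-resource: goodpod01
-kind: Pod
-result: pass
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- pod-with-docker-sock-mount
+result: fail
+rule: validate-docker-sock-mount
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- pod-with-docker-sock-mount
+result: pass
+rule: validate-containerd-sock-mount
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- pod-with-docker-sock-mount
+result: pass
+rule: validate-crio-sock-mount
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- goodpod01
+result: pass
+rule: validate-docker-sock-mount
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- goodpod01
+result: pass
+rule: validate-containerd-sock-mount
+- kind: Pod
+policy: disallow-container-sock-mounts
+resources:
+- goodpod01
+result: pass
+rule: validate-crio-sock-mount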
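Review bot: Only the Docker rule has a failing case in this results list; `validate-containerd-sock-mount` and `validate-crio-sock-mount` are asserted solely with `result: pass`, for `pod-with-docker-sock-mount` and `goodpod01`. A regression that stops either of those two rules from matching a runtime-socket mount would leave this test green. resource.yaml is not part of this diff, so assuming it has no such fixtures, add one Pod that mounts the containerd socket and one that mounts the CRI-O socket, each with a `result: fail` entry for its own rule.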
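--- a/best-practices/disallow-default-namespace/kyverno-test.yaml
+++ b/best-practices/disallow-default-namespace/kyverno-test.yaml
@@ -1,28 +1,30 @@
 name: disallow-default-namespace
 policies:
-- disallow-default-namespace.yaml
+- disallow-default-namespace.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-# validate-namespace
-- policy: disallow-default-namespace
-rule: validate-namespace
-resource: badpod01
-kind: Pod
-result: fail
-- policy: disallow-default-namespace
-rule: validate-namespace
-resource: goodpod01
-kind: Pod
-result: pass
-# validate-podcontroller-namespace
-- policy: disallow-default-namespace
-rule: validate-podcontroller-namespace
-resource: baddeployment01
-kind: Deployment
-result: fail
-- policy: disallow-default-namespace
-rule: validate-podcontroller-namespace
-resource: gooddeployment01
-kind: Deployment
-result: pass
+- kind: Pod
+policy: disallow-default-namespace
+resources:
+- badpod01
+result: fail
+rule: validate-namespace
+- kind: Pod
+policy: disallow-default-namespace
+resources:
+- goodpod01
+result: pass
+rule: validate-namespace
+- kind: Deployment
+policy: disallow-default-namespace
+resources:
+- baddeployment01
+result: fail
+rule: validate-podcontroller-namespace
+- kind: Deployment
+policy: disallow-default-namespace
+resources:
+- gooddeployment01
+result: pass
+rule: validate-podcontroller-namespace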
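Review bot: The grouping comments `# validate-namespace` and `# validate-podcontroller-namespace` from the old results list are dropped in the rewritten one. With `rule:` now the last key of each entry, those comments were the quickest way to see which rule a pair of cases covers. I would restore them above the first `- kind: Pod` entry and the first `- kind: Deployment` entry.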
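--- a/best-practices/disallow-empty-ingress-host/kyverno-test.yaml
+++ b/best-practices/disallow-empty-ingress-host/kyverno-test.yaml
@@ -1,16 +1,18 @@
 name: disallow-empty-ingress-host
 policies:
-- disallow-empty-ingress-host.yaml
+- disallow-empty-ingress-host.yaml
 resources:
-- resource.yaml
+- resource.yaml
 results:
-- policy: disallow-empty-ingress-host
-rule: disallow-empty-ingress-host
-resource: ingress-wildcard-host
-result: pass
-kind: Ingress
-- policy: disallow-empty-ingress-host
-rule: disallow-empty-ingress-host
-resource: minimal-ingress
-result: fail
-kind: Ingress
+- kind: Ingress
+policy: disallow-empty-ingress-host
+resources:
+- ingress-wildcard-host
+result: pass
+rule: disallow-empty-ingress-host
+- kind: Ingress
+policy: disallow-empty-ingress-host
+resources:
+- minimal-ingress
+result: fail
+rule: disallow-empty-ingress-host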